I am making a membership bulletin board with PHP + MySQL.
Each user will see the posts, but I would like to make it impossible to edit or delete a post except for my own post. (*Do not display the links to edit or delete a post.)
Example: After logging in as testuser, the "Edit Post" and "Delete Post" links are not displayed for posts by users other than testuser.
The user_id of the [posts] table is set to hold the value of the user_id of the [users] table. If the values are the same, the "Edit Post" and "Delete Post" links will be displayed.
I implemented it, but it doesn't work properly. Please let me know what's wrong.
The table information looks like this.
[users] Table
create table users(
id int primary key auto_increment,
name varchar(255),
email varchar(255),
created_at datetime,
password varchar(255)
);
[posts] Table
create table posts(
id int primary key auto_increment,
user_id int,
name varchar(255),
title varchar(255),
content text,
created_at datetime,
updated_at datetime
);
The sample code is as follows:
<?php
session_start();
require_once('config.php');
require_once('functions.php');
if(empty($_SESSION['id'])){
header('Location:login.php');
exit;
}
// var_dump($_SESSION['id']);
// var_dump($_SESSION['name']);
$dbh = connectDatabase();
$sql = "select * from posts";
$stmt = $dbh->prepare($sql);
$stmt->execute();
$posts=$stmt->fetchAll (PDO::FETCH_ASSOC);
// var_dump($posts);
$dbh = connectDatabase();
$sql = "select * from users";
$stmt = $dbh->prepare($sql);
$stmt->execute();
$users=$stmt->fetchAll (PDO::FETCH_ASSOC);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>ELITES Blog</title>
<link type="text/css" rel="stylesheet" href="reset.css">
<link type="text/css" rel="stylesheet" href="style.css">
</head>
<body>
<div id="wrapper">
<nav>
<ul>
<li class="on"><a href="index.php">Home</a></li>
<li class="on"><a href="list.php">Diary listing</a></li>
<li class="on"><a href="add.php">Add Diary</a></li>
<li class="on"><a href="logout.php">Logout</a></li>
</ul>
</nav>
<h1>ELITES Blog</h1>
<h2>ELITES Official Development Blog</h2>
<h3>List of blogs posted</h3>
<?php if (count($posts)): ?>
<?php foreach ($posts as $post): ?>
<ul>
<li class="link"><a href="detail.php?id=<?php echo h($post['id']) ?>"><?php echo h($post['title']) ?></a> (Date created: <?php echo h($post['created_at']) ?>)
<?php if (h($users['id']) == h($post['user_id'])): ?>
| [<a href="edit.php?id=<?php echo h($post['id']) ?>">Edit</a>] | [<a href="delete.php?id=<?php echo h($post['id']) ?>">Delete</a>]
<?php endif?>
</li>
</ul>
<?php endforeach?>
<?php else: ?>
No diaries have been posted.
<?php endif?>
<footer>
<p><a href="http://nowall.co.jp">NOWALL</a></p>
<small>2015 NOWALL, Inc. All Right Reserved.</small>
</footer>
</div>
</body>
</html>
From the following source, it seems that editing is allowed if the logged-in user matches the user who posted.
<?php if (h($users['id']) == h($post['user_id'])): ?>
On the other hand, $users is fetched with
$sql = "select * from users";
$stmt = $dbh->prepare($sql);
$stmt->execute();
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
and holds all the contents of the users table.
Instead of comparing the id of users with the user_id of post,
maybe we should compare the user id ($_SESSION['id']) currently logged in with the user_id of the post.
That's all.
/*
$dbh = connectDatabase();
$sql = "select * from users";
$stmt = $dbh->prepare($sql);
$stmt->execute();
$users=$stmt->fetchAll (PDO::FETCH_ASSOC);
*/
↑ Not needed
<?php if (h($users['id']) == h($post['user_id'])): ?>
| [<a href="edit.php?id=<?php echo h($post['id']) ?>">Edit</a>] | [<a href="delete.php?id=<?php echo h($post['id']) ?>">Delete</a>]
<?php endif ?>
↓ Change
<?php if (h($_SESSION['id']) == h($post['user_id'])): ?>
| [<a href="edit.php?id=<?php echo h($post['id']) ?>">Edit</a>] | [<a href="delete.php?id=<?php echo h($post['id']) ?>">Delete</a>]
<?php endif ?>
$users['id']
↓
$_SESSION ['id']
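Hiding the links only changes what the list page shows, so edit.php and delete.php need the same ownership test on the server. The following is an added example, not code from the original question or answers: ownsPost and deleteOwnPost are hypothetical helpers, and an in-memory SQLite database with constructed rows stands in for the MySQL connection from connectDatabase().

```php
<?php
declare(strict_types=1);

// Constructed fixture: in-memory SQLite stands in for the page's MySQL
// database (assumption); only the columns needed here are created.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('create table posts(id integer primary key, user_id int, title varchar(255))');
$dbh->exec("insert into posts(id, user_id, title) values (1, 10, 'by testuser'), (2, 20, 'by someone else')");

// Hypothetical helper: what the list page tests before printing the links.
function ownsPost(array $post, int $sessionUserId): bool
{
    // Cast because PDO may return integer columns as strings.
    return (int)$post['user_id'] === $sessionUserId;
}

// Hypothetical helper for delete.php: the owner is part of the WHERE clause,
// so a request naming someone else's post id matches no row.
function deleteOwnPost(PDO $dbh, int $postId, int $sessionUserId): bool
{
    $stmt = $dbh->prepare('delete from posts where id = :id and user_id = :uid');
    $stmt->execute([':id' => $postId, ':uid' => $sessionUserId]);
    return $stmt->rowCount() === 1;
}

$sessionUserId = 10; // stands in for (int)$_SESSION['id'] after login

// List page: links are printed only next to the session user's own posts.
$posts = $dbh->query('select * from posts')->fetchAll(PDO::FETCH_ASSOC);
foreach ($posts as $post) {
    $links = ownsPost($post, $sessionUserId) ? ' [Edit] [Delete]' : '';
    echo $post['id'] . ': ' . $post['title'] . $links . PHP_EOL;
}

// Request against another user's post (id 2 belongs to user 20).
var_dump(deleteOwnPost($dbh, 2, $sessionUserId));
// Request against the session user's own post.
var_dump(deleteOwnPost($dbh, 1, $sessionUserId));
// Ids still present in the table afterwards.
var_dump($dbh->query('select id from posts')->fetchAll(PDO::FETCH_COLUMN));
```

The update statement in edit.php needs the same `and user_id = :uid` condition.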